Trupti_Deshmukh
Participant

Not able to run Python script in Checkpoint GAIA security GW

Hi team,

I am pushing a Python script from Ansible. I have whitelisted the Python script path in /opt/CPsuite-R77/fw1/conf/whitelist as well.

Getting error: File '/opt/CPsuite-R77/fw1/scripts/ansible-tmp-1549820289.28-125410269476857/AnsiballZ_ping.py' execution is not allowed according to Check Point policy

Please help with this.

7 Replies
Martin_Valenta
Advisor

Python and its modules on a CP GW have limited functionality; you cannot run everything like you would on a PC/server. Rather, run it from a normal Linux machine.

0 Kudos
Trupti_Deshmukh
Participant

Hi Martin,

It is the Ansible control host that is pushing scripts to the Check Point GAIA gateway R80.10.

Has anyone worked with a Check Point GAIA gateway using Ansible?

Which Remote_tmp path should I select to run scripts successfully with Ansible on a Check Point GAIA gateway R80.10?

0 Kudos
PhoneBoy
Admin

What is the purpose of the script you're trying to push?

In general, the number of libraries we include with our Python is limited.

There may be a different way to achieve the result you're after.

0 Kudos
Trupti_Deshmukh
Participant

Hi,

This is the command module I am running in Ansible to push commands to the Check Point gateway.

Ansible generates a .py file and executes it on the gateway.

It might be the case that pushing commands using the command module is not supported by Check Point. I will check the network_cli module then. Thanks for your responses. It helps.

Where can I get details of the Ansible modules that Check Point allows to run on the firewall?

Regards,

Trupti

0 Kudos
PhoneBoy
Admin

If you're trying to have Ansible run commands on a Check Point Security Gateway in this manner, this is not supported.

What you can do today is use an Ansible module to talk with the R80.x Management Server and have it execute commands using the run-script API.

See: Automate your R80 Management Server using Ansible

We also have a REST API on the Gateway that we added fairly recently: https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2019/01/21/new-...

There is not an Ansible module that takes advantage of this just yet.

0 Kudos
Trupti_Deshmukh
Participant

Thanks for the information. I would be happy if I get it from the EA team for testing.

Please do let me know when an Ansible module is available to automate the Check Point R80.10 security gateway.

0 Kudos
PhoneBoy
Admin

Like I said, you can already do it today using the run-script API and the Ansible module I linked in my previous reply.

It's an indirect approach but it works.
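The indirect route described in the replies above, sketched as an added example that is not part of the original thread and is not Check Point's or the linked Ansible module's code. It assumes the Management API's `login`, `run-script`, `show-task` and `logout` calls and their usual field names; the management hostname, gateway name and credentials are placeholders.

```python
import base64
import json
import ssl
import time
import urllib.request

MGMT_URL = "https://mgmt.example.com/web_api"  # placeholder management server


def https_post(command, payload, sid=None):
    """Send one Management API call; the session id travels in X-chkp-sid."""
    headers = {"Content-Type": "application/json"}
    if sid:
        headers["X-chkp-sid"] = sid
    req = urllib.request.Request(f"{MGMT_URL}/{command}",
                                 data=json.dumps(payload).encode(),
                                 headers=headers, method="POST")
    ctx = ssl.create_default_context()  # keep certificate verification on
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)


def run_script(post, user, password, gateway, script,
               name="ansible-task", poll_delay=2.0):
    """Log in, run `script` on `gateway` via run-script, return (status, output)."""
    sid = post("login", {"user": user, "password": password})["sid"]
    try:
        started = post("run-script", {"script-name": name, "script": script,
                                      "targets": [gateway]}, sid)
        task_id = started["tasks"][0]["task-id"]
        # Assumed response layout: show-task reports "in progress" until done
        # and returns the output base64-encoded in task-details[].responseMessage.
        while True:
            task = post("show-task", {"task-id": task_id,
                                      "details-level": "full"}, sid)["tasks"][0]
            if task["status"] != "in progress":
                break
            time.sleep(poll_delay)
        details = task.get("task-details") or [{}]
        output = base64.b64decode(details[0].get("responseMessage", "")).decode()
        return task["status"], output
    finally:
        post("logout", {}, sid)  # always release the management session
```

Pass `https_post` as the `post` argument for a live management server; the script then runs through the management server's authenticated channel rather than as a file dropped on the gateway.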
